MailPoet WP e-Commerce Add-on Security & Risk Analysis

wordpress.org/plugins/mailpoet-wp-e-commerce-add-on

Adds a checkbox on checkout page for your customers to subscribe to your MailPoet newsletters.

10 active installs · v1.0.2 · PHP + WP 3.5.1+ · Updated Mar 24, 2014
Tags: extension, mailpoet, sebs-studio, wp-ecommerce, wysija
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is MailPoet WP e-Commerce Add-on Safe to Use in 2026?

Generally Safe

Score 85/100

MailPoet WP e-Commerce Add-on has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 12yr ago
Risk Assessment

The "mailpoet-wp-e-commerce-add-on" v1.0.2 plugin exhibits a mixed security posture. On the positive side, the absence of any known CVEs and a clean vulnerability history suggest a generally well-maintained codebase. The static analysis also shows no dangerous functions or external HTTP requests, which are common vectors for compromise. However, significant concerns arise from the code analysis, particularly regarding output escaping. With only 17% of outputs properly escaped, there is a substantial risk of Cross-Site Scripting (XSS) vulnerabilities. While the total number of outputs is small, unescaped output from any entry point can be dangerous. The taint analysis, though limited in scope, identified flows with unsanitized paths, indicating potential for insecure data handling, even if not classified as critical or high severity in this instance. The complete lack of any authorization checks on any identified entry points (AJAX, REST API, shortcodes, cron) is a major oversight, creating a broad attack surface that could be exploited if any new entry points were introduced or if existing ones were overlooked. The small number of SQL queries (4) and the fact that 75% use prepared statements is a positive sign, but the remaining 25% should ideally be 100% prepared.

Key Concerns

  • Low output escaping rate (17%)
  • Unsanitized paths in taint flows
  • No capability checks on entry points
  • SQL queries not fully prepared (25%)
Vulnerabilities: None known

MailPoet WP e-Commerce Add-on Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis (analyzed Mar 17, 2026)

MailPoet WP e-Commerce Add-on Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 1 (3 prepared)
Unescaped Output: 5 (1 escaped)
Nonce Checks: 0
Capability Checks: 0
File Operations: 0
External Requests: 0
Bundled Libraries: 0

SQL Query Safety

75% prepared · 4 total queries

Output Escaping

17% escaped · 6 total outputs

Data Flows: 2 unsanitized

Data Flow Analysis

2 flows · 2 with unsanitized paths
add_wp_ecommerce_mailpoet_settings_page (mailpoet-wp-ecommerce-addon.php:89)
Attack Surface

MailPoet WP e-Commerce Add-on Attack Surface

Entry Points: 0
Unprotected: 0
WordPress Hooks: 5
  • action wp_ecommerce_mailpoet_list_newsletters (include\settings-newsletters.php:46)
  • action init (mailpoet-wp-ecommerce-addon.php:53)
  • action wpsc_submit_checkout (mailpoet-wp-ecommerce-addon.php:56)
  • action wpsc_add_submenu (mailpoet-wp-ecommerce-addon.php:79)
  • action admin_notices (mailpoet-wp-ecommerce-addon.php:289)
Maintenance & Trust

MailPoet WP e-Commerce Add-on Maintenance & Trust

Maintenance Signals

WordPress version tested: 3.7.41
Last updated: Mar 24, 2014
PHP min version: not listed
Downloads: 2K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 10
Developer Profile

MailPoet WP e-Commerce Add-on Developer Profile

Sébastien Dumont

15 plugins · 2K total installs

Trust score: 85
Avg Security Score: 87/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect MailPoet WP e-Commerce Add-on

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes: wp_ecommerce
Data Attributes: data-mailpoet-settings
FAQ

Frequently Asked Questions about MailPoet WP e-Commerce Add-on